can you explain how the api private key(broker/exchange) are saved on your system? ...
i dont need the full details but enough so i know they are stored safely.
i dont need the full details but enough so i know they are stored safely.
Sure, I'm including a response I gave to this previously:
Quote
We're using symmetrical AES-256 to encrypt your exchange API keys. The first time you start a bot, you'll be prompted to enter your API keys along with a passphrase of your choosing (it shouldn't be the same as your account password).
We encrypt your keys with the passphrase and store them in our database, but we never store the passphrase anywhere, so in the highly unlikely event that our database is ever compromised, the potential attacker would have no way getting your original API keys and your funds would therefore be safe.
From now on, each time you start the bot you'll be prompted for the passphrase. We use that to decrypt the keys and send them directly to the bot instance without storing them anywhere. They are not written to disk and only kept in-memory by the bot instance.
We think that this is a good compromise over having to enter your API keys every time; and obviously much better than storing them in the clear.
We encrypt your keys with the passphrase and store them in our database, but we never store the passphrase anywhere, so in the highly unlikely event that our database is ever compromised, the potential attacker would have no way getting your original API keys and your funds would therefore be safe.
From now on, each time you start the bot you'll be prompted for the passphrase. We use that to decrypt the keys and send them directly to the bot instance without storing them anywhere. They are not written to disk and only kept in-memory by the bot instance.
We think that this is a good compromise over having to enter your API keys every time; and obviously much better than storing them in the clear.
.. some day it will be in java aswell? 
